
Fixed constant re-creation of filters in some cases

root há 1 ano atrás
pai
commit
b786316d1f
2 ficheiros alterados com 54 adições e 34 exclusões
  1. 7 7
      scripts/eyelib/cmd.pm
  2. 47 27
      scripts/sync_mikrotik.pl

+ 7 - 7
scripts/eyelib/cmd.pm

@@ -257,7 +257,7 @@ return 1;
 sub netdev_login {
 my $device = shift;
 #skip unknown vendor
-if (!$switch_auth{$device->{vendor_id}}) { return; }
+if (!$switch_auth{$device->{vendor_id}}) { return 0; }
 
 my $t;
 
@@ -272,7 +272,7 @@ if ($device->{proto} eq 'telnet') {
     if ($device->{vendor_id} eq '4') {
         eval {
             my $t1 = new Net::Telnet (Timeout => 5, Port => $device->{port}, Max_buffer_length=>10240000, Prompt =>"/$switch_auth{$device->{vendor_id}}{prompt}/");
-            $t1->open($device->{ip}) or return;
+            $t1->open($device->{ip}) or return 0;
             if (exists $switch_auth{$device->{vendor_id}}{login}) { $t1->waitfor("/$switch_auth{$device->{vendor_id}}{login}/"); }
             $t1->print($device->{login});
             if (exists $switch_auth{$device->{vendor_id}}{password}) { $t1->waitfor("/$switch_auth{$device->{vendor_id}}{password}/"); }
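Review bot: The `return 0` added after `$t1->open(...)` sits inside the `eval { ... }` block, so it only leaves the eval and not `netdev_login`. `$@` stays empty in that case, and the `if ($@)` line after the eval (next hunk) would take its else branch and log "telnet success!". Raising the failure instead, `$t1->open($device->{ip}) or die "telnet open failed\n";`, routes it into the `if ($@)` branch that now returns 0. With Net::Telnet's default error mode a failed open already dies, so this probably only matters if the error mode is set to return elsewhere. The eval block continues outside this hunk.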
@@ -314,7 +314,7 @@ if ($device->{proto} eq 'telnet') {
             log_cmd($t,"disable clipaging");
             }
         };
-    if ($@) { log_error("Login to $device->{device_name} ip: $device->{ip} by telnet aborted: $@"); } else { log_info("Login to $device->{device_name} ip: $device->{ip} by telnet success!"); }
+    if ($@) { log_error("Login to $device->{device_name} ip: $device->{ip} by telnet aborted: $@"); return 0; } else { log_info("Login to $device->{device_name} ip: $device->{ip} by telnet success!"); }
     }
 
 if ($device->{proto} eq 'ssh') {
@@ -335,7 +335,7 @@ if ($device->{proto} eq 'ssh') {
 	    ]
 	    );
 
-        if ($t->error) {  log_error("Login to $device->{device_name} ip: $device->{ip} by ssh aborted: ".$t->error); }
+        if ($t->error) {  log_error("Login to $device->{device_name} ip: $device->{ip} by ssh aborted: ".$t->error); return 0; }
 
         netdev_set_enable($t,$device);
 
@@ -349,9 +349,9 @@ if ($device->{proto} eq 'ssh') {
         if ($device->{vendor_id} eq '6') {
             $t->capture("terminal length 0");
             }
-        if ($device->{vendor_id} eq '9') {
-            $t->capture("/system note set show-at-login=no");
-            }
+#        if ($device->{vendor_id} eq '9') {
+#            $t->capture("/system note set show-at-login=no");
+#            }
         if ($device->{vendor_id} eq '16') {
             $t->capture("terminal width 0");
             }
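Review bot: The vendor 9 block is disabled by commenting it out rather than deleting it, and neither the commit title nor a comment says why `/system note set show-at-login=no` is no longer sent after SSH login. Either delete the three lines or put the reason above them, e.g. `# vendor 9: no longer sent at login because <reason>`. As it stands a later reader cannot tell whether this is a deliberate change or a debugging leftover.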

+ 47 - 27
scripts/sync_mikrotik.pl

@@ -26,7 +26,7 @@ use Fcntl qw(:flock);
 use Parallel::ForkManager;
 use Net::DNS;
 
-#$debug = 1;
+$debug = 1;
 
 open(SELF,"<",$0) or die "Cannot open $0 - $!";
 flock(SELF, LOCK_EX|LOCK_NB) or exit 1;
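Review bot: `$debug = 1;` is now unconditionally on, which looks like a debugging leftover unrelated to the filter fix. The `log_debug` calls further down (presumably gated on this flag) dump the current and new firewall rule sets through `Dumper` on every run, so the full rule base ends up wherever the log is stored. Restore `#$debug = 1;`, or take the flag from outside the script, e.g. `$debug = $ENV{SYNC_DEBUG} ? 1 : 0;` (variable name is an example).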
@@ -79,6 +79,19 @@ next if (!$gate);
 $pm->start and next;
 $dbh = init_db();
 
+my @cmd_list=();
+
+$gate = netdev_set_auth($gate);
+$gate->{login}.='+ct400w';
+my $t = netdev_login($gate);
+
+if (!$t) {
+    log_error("Login to $gate->{device_name} [$gate->{ip}] failed! Skip gateway.");
+    $dbh->disconnect();
+    $pm->finish;
+    next;
+    }
+
 my $router_name=$gate->{device_name};
 my $router_ip=$gate->{ip};
 my $shaper_enabled = $gate->{queue_enabled};
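Review bot: The new failure path ends the child with a bare `$pm->finish;`, so a gateway that could not be logged into exits with status 0 and the parent cannot tell it from one that was synced. A skipped gateway keeps whatever firewall and DHCP state it already had, and the only trace is one log line. Pass a non-zero code, `$pm->finish(1);`, so a `run_on_finish` callback in the parent (if there is one, not visible here) can count and report failed gateways. The `if (!$t)` test also depends on `netdev_login` returning false on every failure path, which the `return 0` placed inside `eval` in cmd.pm does not guarantee for telnet.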
@@ -104,12 +117,6 @@ if (@gw_subnets and scalar @gw_subnets) {
     }
 }
 
-my @cmd_list=();
-
-$gate = netdev_set_auth($gate);
-$gate->{login}.='+ct400w';
-my $t = netdev_login($gate);
-
 foreach my $int (@lan_int) { #interface dhcp loop
 next if (!$int);
 $int=trim($int);
@@ -412,8 +419,18 @@ do_sql($dbh,"DELETE FROM Group_filters WHERE filter_id NOT IN (SELECT id FROM Fi
 my @grouplist_ref = get_records_sql($dbh,"SELECT `group_id`,`filter_id`,`order`,`action` FROM Group_filters ORDER BY Group_filters.group_id,Group_filters.order");
 
 my %group_filters;
-my $index=0;
+my $index = 0;
+my $cur_group;
+
 foreach my $row (@grouplist_ref) {
+
+    if (!$cur_group) { $cur_group = $row->{group_id}; }
+
+    if ($cur_group != $row->{group_id}) {
+        $index = 0;
+        $cur_group = $row->{group_id};
+        }
+
     #if dst dns filter not found
     if (!$filters{$row->{filter_id}}->{dns_dst}) {
         $group_filters{'group_'.$row->{group_id}}->{$index}->{filter_id}=$row->{filter_id};
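Review bot: The first-row test `if (!$cur_group)` treats a `group_id` of 0 as "not set yet". If the table has a group 0, the first row of the next group re-seeds `$cur_group` without resetting `$index`, so that group's filter indexes continue from group 0's. Folding both checks into one removes the special case: `if (!defined $cur_group or $cur_group != $row->{group_id}) { $index = 0; $cur_group = $row->{group_id}; }`. Whether a group 0 can exist is not visible here, and the `foreach` body continues outside this hunk.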
@@ -421,16 +438,16 @@ foreach my $row (@grouplist_ref) {
         $index++;
     } else {
         #if found dns dst filters - add
-	    if (exists $dyn_filters{$row->{filter_id}}) {
+	if (exists $dyn_filters{$row->{filter_id}}) {
 	        my @dyn_ips = @{$dyn_filters{$row->{filter_id}}};
 	        if (scalar @dyn_ips >0) {
 		        for (my $i = 0; $i < scalar @dyn_ips; $i++) {
-        	        $group_filters{'group_'.$row->{group_id}}->{$index}->{filter_id}=$dyn_ips[$i];
-                    $group_filters{'group_'.$row->{group_id}}->{$index}->{action}=$row->{action};
-        	        $index++;
-        	    }
+                            $group_filters{'group_'.$row->{group_id}}->{$index}->{filter_id}=$dyn_ips[$i];
+                            $group_filters{'group_'.$row->{group_id}}->{$index}->{action}=$row->{action};
+                            $index++;
+        	        }
 	        }
-        }
+            }
     }
 }
 
@@ -513,18 +530,28 @@ foreach my $group_name (keys %group_filters) {
 }
 
 my %chain_rules;
-foreach my $group_name (keys %group_filters) {
+foreach my $group_name (sort keys %group_filters) {
+
 next if (!$group_name);
+
 next if (!exists($group_filters{$group_name}));
-foreach my $filter_index (sort keys %{$group_filters{$group_name}}) {
-    my $filter_id=$group_filters{$group_name}->{$filter_index}->{filter_id};
+
+my %group_filter = %{$group_filters{$group_name}};
+
+foreach my $filter_index (sort keys %group_filter) {
+
+    my $filter = $group_filter{$filter_index};
+
+    my $filter_id=$filter->{filter_id};
+
     next if (!$filters{$filter_id});
+
     next if ($filters{$filter_id}->{dns_dst});
 
     my $src_rule='chain='.$group_name;
     my $dst_rule='chain='.$group_name;
 
-    if ($group_filters{$group_name}->{$filter_index}->{action}) {
+    if ($filter->{action}) {
 	$src_rule=$src_rule." action=accept";
 	$dst_rule=$dst_rule." action=accept";
 	} else {
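Review bot: `sort keys %group_filter` compares the numeric filter indexes as strings, so in a group with more than ten entries index 10 is emitted before index 2. The rules then land in the chain in a different order than `Group_filters.order` specifies, and for accept versus non-accept rules the order decides which one matches. Use a numeric sort: `foreach my $filter_index (sort { $a <=> $b } keys %group_filter) {`. The plain `sort` was already there before this commit, but the rewritten loop header is the natural place to fix it; the loop body continues outside the hunk.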
@@ -570,18 +597,13 @@ foreach my $filter_index (sort keys %{$group_filters{$group_name}}) {
     }
 }
 
-
 #chain filters
-foreach my $group_name (keys %group_filters) {
-
+foreach my $group_name (sort keys %group_filters) {
 next if (!$group_name);
-
 my @get_filter=netdev_cmd($gate,$t,$gate->{proto},'/ip firewall filter print terse without-paging where chain='.$group_name,1);
 chomp(@get_filter);
-
 my @cur_filter=();
 my $chain_ok=1;
-
 foreach (my $f_index=0; $f_index<scalar(@get_filter); $f_index++) {
     my $filter_str=trim($get_filter[$f_index]);
     next if (!$filter_str);
@@ -592,7 +614,6 @@ foreach (my $f_index=0; $f_index<scalar(@get_filter); $f_index++) {
     next if (!$filter_str);
     push(@cur_filter,$filter_str);
 }
-
 log_debug("Current filters:".Dumper(\@cur_filter));
 log_debug("New filters:".Dumper($chain_rules{$group_name}));
 
@@ -605,7 +626,6 @@ foreach (my $f_index=0; $f_index<scalar(@cur_filter); $f_index++) {
 	last;
 	}
     }
-
 #new rules
 if ($chain_ok and $chain_rules{$group_name} and scalar(@{$chain_rules{$group_name}})) {
     foreach (my $f_index=0; $f_index<scalar(@{$chain_rules{$group_name}}); $f_index++) {
@@ -851,7 +871,7 @@ if (scalar(@cmd_list)) {
     };
     if ($@) {
         $all_ok = 0;
-	    log_debug("Error programming gateway! Err: ".$@);
+	log_debug("Error programming gateway! Err: ".$@);
         }
     }